CVE-2024-27316

Updated: 2024-11-30 03:41:04.663978

Description:

HTTP/2 incoming headers exceeding the limit are temporarily buffered in nghttp2 in order to generate an informative HTTP 413 response. If a client does not stop sending headers, this leads to memory exhaustion.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | HIGH | 7.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | httpd | 2.4.53 | 7.5 | HIGH | Released | CLSA-2024:1716915132 | 2024-05-28 14:18:46 | |
| CentOS 8.4 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2024:1716923768 | 2024-05-28 17:19:32 | |
| CentOS 8.5 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2024:1716924362 | 2024-05-28 17:19:30 | |
| CentOS Stream 8 ELS | httpd | 2.4.37 | 7.5 | HIGH | Released | CLSA-2024:1728932179 | 2024-10-14 17:46:55 | |
| CloudLinux 7 ELS | httpd | 2.4.6 | 7.5 | HIGH | Not Vulnerable | | 2024-09-09 12:12:35 | |
| Ubuntu 16.04 ELS | apache2 | 2.4.18 | 7.5 | HIGH | Released | CLSA-2024:1725012024 | 2024-08-30 12:27:12 | |
| Ubuntu 18.04 ELS | apache2 | 2.4.29 | 7.5 | HIGH | Released | CLSA-2024:1728479129 | 2024-10-09 11:07:36 | |